CWE-23 Individual Dictionary Definition (Draft 9)

| Weakness ID | 23 (Weakness Base) |
|---|---|
| Status | Draft |
| Description | Summary: The software, when constructing file or directory names from input, does not properly sanitize sequences such as ".." that resolve to a file or directory name that is outside of the intended directory. |
| Potential Mitigations | See the vulnerability category "Path Traversal" |
| Relationships | |
| Source Taxonomies | PLOVER - Relative Path Traversal |
| Applicable Platforms | All |

Related Attack Patterns

| CAPEC-ID | Attack Pattern Name |
|---|---|
| 76 | Manipulating Input to File System Calls |
| 23 | File System Function Injection, Content Based |